apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: ahx-oidc-strip
  namespace: ahxpm
spec:
  stripPrefix:
    prefixes:
      - /ahx-oidc
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: ahx-oidc.cors-header
  namespace: ahxpm
spec:
  headers:
    accessControlAllowHeaders:
      - '*'
    accessControlAllowMethods:
      - '*'
    accessControlAllowOriginList:
      - https://dev.ahxpm.com
      - https://oidc-dev.ahxpm.com
    accessControlAllowCredentials: true
    accessControlMaxAge: 100
    addVaryHeader: true
    customRequestHeaders:
      X-Forwarded-Proto: https
      X-Forwarded-Port: "443"
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: ahx-oidc.authn-app
  namespace: ahxpm
spec:
  forwardAuth:
    address: http://ahx-oidc.ahxpm.svc.cluster.local/api/internal/authn/token/app
    authResponseHeaders:
      - X-USER-BASE64
    trustForwardHeader: true
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: ahx-oidc.authn-optional-app
  namespace: ahxpm
spec:
  forwardAuth:
    address: http://ahx-oidc.ahxpm.svc.cluster.local/api/internal/authn/token/optional/app
    authResponseHeaders:
      - X-USER-BASE64
    trustForwardHeader: true
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: ahx-oidc.authn-partner
  namespace: ahxpm
spec:
  forwardAuth:
    address: http://ahx-oidc.ahxpm.svc.cluster.local/api/internal/authn/token/partner
    authResponseHeaders:
      - X-USER-BASE64
    trustForwardHeader: true
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: ahx-oidc.authn-optional-partner
  namespace: ahxpm
spec:
  forwardAuth:
    address: http://ahx-oidc.ahxpm.svc.cluster.local/api/internal/authn/token/optional/partner
    authResponseHeaders:
      - X-USER-BASE64
    trustForwardHeader: true